One of the most critical aspects of data security is ensuring that data-bearing devices (DBDs) are properly managed and destroyed within the confines of your organization. Allowing DBDs to leave the site can violate federal regulations and expose your organization to significant cyber risks. Compliance with NIST regulations and GDPR requires stringent control over the entire data destruction process.

Why Onsite Data Destruction Matters:
Ensuring that data destruction occurs onsite is crucial for maintaining compliance and minimizing risks. Here’s why:

  • Cyber Risk Management Program: All US and EU organizations are required to implement a Cyber Risk Management program. However, research shows that less than 1% of US companies have completed this program. Without a robust risk management program, high-risk operations, including offsite data destruction, are not adequately controlled, leading to potential data breaches.
  • Compliance with NIST and GDPR: NIST regulations in the US and GDPR in the EU mandate that data destruction be conducted onsite, within the four walls of the organization. This ensures that the process remains under the control of the contracted organization, minimizing the risk of data leaks. Managers should always opt for the lower cyber risk option, which is onsite destruction.
  • Risks of Offsite Data Destruction: Data destruction vendors and recyclers who use large shredders in parking lots or at remote locations compromise data security for their convenience. Transporting DBDs offsite introduces numerous vulnerabilities, including the potential for data loss or theft during transit. Onsite data destruction eliminates these risks by keeping the entire process within a secure environment.

Key Takeaways:

  • Implement a comprehensive Cyber Risk Management program to control high-risk operations.
  • Ensure data destruction is conducted onsite to comply with NIST and GDPR regulations.
  • Avoid using vendors who perform data destruction offsite or in unsecured locations.

Maintaining control over data-bearing devices and ensuring their destruction occurs onsite is essential for compliance and data security. By adhering to NIST and GDPR regulations, organizations can mitigate risks and protect sensitive information. Stay tuned for our next post, where we will explore the different methods of data sanitization and how to choose the right method for your needs.

Datacenters are a cybersecurity target

I’m a recovering intelligence officer. I’m always a recovering intelligence officer for one trauma or another. And I’ve had the benefit, the pleasure, the honor to apply a lot of those skills I use in defense of our nation in the commercial section and in the commercial world as well, rising all the way to chief operating officer of a company that I thought was pretty obscure.

Loss of data hurts everyone

Whether I’m a nation state targeting data, whether I’m a criminal enterprise targeting data, or a transnational organization targeting that, that data is valuable. And while it’s valuable to me, there is a negative externality to the people that I’m taking it from as well. It’s not a victimless crime, right?

Datacenters are the obvious target

Anybody ever watch Storage Wars?
You can go on the dark web and buy drives like you were buying a storage unit. “I’ll give you a thousand dollars for that storage unit.” I know there’s got to be a couple thousand bucks worth of stuff in it. Your data out there is the same way.
